Total Pageviews

02 November 2009

Password and PIN problems

An article on the relative security and insecurity of websites and banks

Why is it that websites deem a 6 character all lower case password to be "very weak" when there's 306million+ possibilities. Yet a 4 digit PIN (9999 possibilities) is secure enough for banks?

The website one is almost 31,000 times more secure yet is deemed "weak". Surely a rule for websites that if the incorrect password is used a certain number of times the account is locked would be sufficient to make the weak password 31,000 times stronger than the bank's security.

We have to be practical about this. In reality, any rules around requiring a password to have upper and lower case letter and special characters such as $,% etc simply make it much more likely people will write the passwords down. Just because this makes it the person's problem rather than the website's is no excuse - the overall security of the account is the issue, including the likelyhood that the account will be broken into because the password was so complicated it, together with the dozons of other passwords from other sites, all had to be written down somewhere because it was too much to remember.

Can we please have simpler password rules for websites and some way of having one strong security mechanism which ties them all together?

Craig
Posted by at 09:00
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Revolution in UK hotels
    As a contractor living away from home Mon-Thu in hotels, I am now experiencing the joys and delights of living in hotel rooms for up to 200 ...
  • PRINCE2 + AGILE = Common sense?
    An article on how Agile can sit alongside PRINCE2 and where DSDM Atern fits in. In 2007, I put "used an Agile/PRINCE2 development str...
  • Bothered by Bosch
    My article about Dyson's breakdown problems made the front page of reddit and hopefully this article on Bosch will do so too because m...
  • Worst contact centre award
    Having been on hold to the Orange contact centre (I guess that's what you would call it, I might call it a non-contact centre) for appro...
  • World cup: broadcasters fail to qualify
    Why I won't be supporting England in the World Cup It's the sign of a nation that never really grows up that every 4 years we have ...
  • UK turning into a dictatorship - controversial legislation
    The Legislative and Regulatory Reform Bill is on its way through the UK parliament. The gist of it is that it'll give ministers the auth...
  • Dear Recruiting Stereotyper, please stop
    Your profile indicates you have been contracting recently, therefore you will only be interested in contract work then?  Incorrect. Thi...
  • Where to read my newer posts
    Find me on LinkedIn  https://www.linkedin.com/in/siliconglen/    Medium  https://siliconglen.medium.com/ thanks Craig
  • Cough, cough. Pay attention please.
    Having been bothered by a cough for the last few days and been singularly unimpressed with the variety of medicines on offer, I decided to t...
  • Towards a more flexible e-commerce model
    Argos (a top 5 e-commerce site in the UK ) reports on its website when you go to buy something: Remember, you don't need to register t...